Vulnerable subcomponent: TYPO3 Backend History Module

Problem Description: Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability.

Solution: Update to TYPO3 version 4.5.21, 4.6.14 or 4.7.6, which fix the problem described!

Credits: Credits go to Thomas Worm who discovered and reported the issue.

Problem Description: Due to a missing access check, regular editors could view the history of arbitrary records simply by crafting a suitable URL for the History Module. A valid backend login is required to exploit this vulnerability.

Solution: Update to TYPO3 version 4.5.21, 4.6.14 or 4.7.6, which fix the problem described!

Credits: Credits go to Core Team Member Oliver Hader who discovered and fixed the issue.

Vulnerable subcomponent: TYPO3 Backend API

Problem Description: Because user input is not properly HTML-encoded, the tree render API (TCA-Tree) is susceptible to Cross-Site Scripting. TYPO3 versions below 6.0 do not make use of this API themselves, so the issue is only exploitable if a third-party extension that uses this API is installed. A valid backend login is required to exploit this vulnerability.

Solution: Update to TYPO3 version 4.5.21, 4.6.14 or 4.7.6, which fix the problem described!

Credits: Credits go to Johannes Feustel who discovered and reported the issue.
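As an added illustration (not TYPO3 code), the following Python model of a record-history endpoint shows the controls this advisory describes as missing in the History Module and the tree render API: strict parsing of the record parameter with parameterized queries, a table and page access check before any history is read, and HTML encoding on output. The "table:uid" parameter shape, the table names, and the user permission structure are assumptions modelled loosely on a TYPO3 backend, not its actual API.

```python
import html
import re
import sqlite3
# Constructed sample data, not TYPO3's schema: two records on two pages, one history entry with markup.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tt_content (uid INTEGER, pid INTEGER);
        INSERT INTO tt_content VALUES (7, 1), (8, 2);
        CREATE TABLE sys_history (tablename TEXT, recuid INTEGER, fieldlist TEXT);
        INSERT INTO sys_history VALUES ('tt_content', 7, 'header'),
            ('tt_content', 7, '<script>alert(1)</script>'), ('tt_content', 8, 'bodytext');
    """)
    return conn

# Hypothetical backend user: the tables they may select and the pages they may show.
USERS = {"editor": {"tables_select": {"tt_content"}, "pages_show": {1}}}
ELEMENT_RE = re.compile(r"^([a-z_]+):(\d+)$")

def parse_element(element):
    # The endpoint receives 'table:uid' (assumed format); accept only exactly that shape.
    match = ELEMENT_RE.match(element)
    if match is None:
        raise ValueError("malformed element parameter")
    return match.group(1), int(match.group(2))

def render_history(conn, user, element):
    table, uid = parse_element(element)
    perms = USERS[user]
    # The access check the advisory reports as missing: table permission, then page permission.
    if table not in perms["tables_select"]:
        raise PermissionError("no select permission on table")
    # table passed the allowlist above, so interpolating it is safe; uid is a bound parameter.
    row = conn.execute(f"SELECT pid FROM {table} WHERE uid = ?", (uid,)).fetchone()
    if row is None or row[0] not in perms["pages_show"]:
        raise PermissionError("record not accessible")
    rows = conn.execute("SELECT fieldlist FROM sys_history WHERE tablename = ? AND recuid = ? "
                        "ORDER BY rowid", (table, uid)).fetchall()
    # Encode on output so stored history content cannot inject markup into the backend page.
    return "".join(f"<li>{html.escape(fieldlist)}</li>" for (fieldlist,) in rows)

def handle_request(conn, user, element):
    # Maps the checks to HTTP-style outcomes, as a backend controller would.
    try:
        return 200, render_history(conn, user, element)
    except ValueError as exc:
        return 400, str(exc)
    except PermissionError as exc:
        return 403, str(exc)
```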